9799 matches found
security flaw
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting XSS attacks using DOM methods of the top-level object...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues. Several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-56 chrome: scheme loading remote content MFSA 2006-55 Crashes with evidence of memory corruption rv:1.8.0.5 MFSA...
Native DOM methods can be hijacked across domains — Mozilla
A malicious page can hijack native DOM methods on a document object in another domain, which will run the attacker's script when called by the victim page. This could be used to steal login cookies, password, or other sensitive data on the target page, or to perform actions on behalf of a logged-...
MS Internet Explorer 6 Table.Frameset NULL Dereference Vulnerability
Exploit for unknown platform in category dos / poc ==================================================================== MS Internet Explorer 6 Table.Frameset NULL Dereference Vulnerability ==================================================================== // MoBB Demonstration function Demo var...
Microsoft Internet Explorer 6 - Table.Frameset NULL Dereference
// MoBB Demonstration function Demo var a = document.createElement'table'; var b = document.createElement'frameset'; a.appendChildb; Clicking the button below may crash your browser! milw0rm.com 2006-07-07...
Microsoft Internet Explorer 6 - Table.Frameset NULL Dereference
Microsoft Internet Explorer 6 - Table.Frameset NULL Dereference // MoBB Demonstration function Demo var a = document.createElement'table'; var b = document.createElement'frameset'; a.appendChildb; Clicking the button below may crash your browser! milw0rm.com 2006-07-07...
CentOS 4 : mozilla (CESA-2005:386)
Updated mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Vladimir V...
CentOS 4 : firefox (CESA-2006:0200)
An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpret...
CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
DEBIAN-CVE-2006-2779
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...
devhelp, mozilla security update
CentOS Errata and Security Advisory CESA-2006:0329 Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Updated 24 Apr 2006 The erratum text has been updated to include the...
security flaw
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the 1 valueOf.call or 2...
CVE-2006-1733
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the 1 valueOf.call or 2...
DEBIAN-CVE-2006-1733
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the 1 valueOf.call or 2...
ISS prtoection Brief: Microsoft MDAC Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Security Brief April 11, 2006 Microsoft MDAC Remote Code Execution Summary: Microsoft has issued an advisory for a vulnerability in Microsoft Data Access Components. Specifically, the RDS.Dataspace ActiveX control provided with MDAC...
Critical: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's Javascript interpret...
MDKSA-2005:127-1 : mozilla-thunderbird
A number of vulnerabilities were reported and fixed in Thunderbird 1.0.5 and Mozilla 1.7.9. The following vulnerabilities have been backported and patched for this update: The native implementations of InstallTrigger and other XPInstall- related javascript objects did not properly validate that...
Ubuntu 4.10 / 5.04 : mozilla vulnerabilities (USN-155-1)
Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious website to spoof the contents of other websites. CAN-2005-1937 It was discovered that a malicious website could injec...
Ubuntu 5.04 : mozilla-firefox, mozilla vulnerabilities (USN-124-1)
When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...
Microsoft Internet Explorer vulnerable to code execution via mismatched DOM objects
Overview Microsoft Internet Explorer fails to properly handle requests to mismatched DOM objects, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer does not properly handle requests to mismatched DOM objects, such as the...